0
I need to save the source of user traffic. As the post URL is different from the form URL, I am using an Hidden input in the form to redeem this data (if not, the source of traffic will always be the form URL). However, I am not able to rescue this data by the value in the input (the data is always empty).
The idea is to know by which page he entered the form (before submitting it).
Code:
<input type="hidden" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" id="origem" name="origem">
1
However, I am not able to rescue this data by the value in the input (the data is always empty).
Usually, when you open the page directly from the browser bar, the header is not generated HTTP_REFERER.
That’s because the referrer refers to a source page. That is, if you came from one page to another.
I suggest that, to put a default value on HTTP_REFERER If there’s nothing, you can put it like this:
<input type="hidden" value="<?php echo isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_SERVER['PHP_SELF']; ?>" id="origem" name="origem">
if not, the traffic source will always be the form URL)
In the case of PHP_SELF, you could put another value, which would be the default value if there was nothing on HTTP_REFERER. You could register it manually, but I believe PHP_SELF already takes good care of this work.
Assuming the user can manipulate this information, I suggest you use $_SESSION to store the HTTP_REFERER, if she exists.
For example:
// script_do_formulario.php
session_start();
// Se o header referer existir, ele vai ser adicionado na sessão,
// e não vai sair, ao menos que o usuário entre na página novamente.
if (isset($_SERVER['HTTP_REFERER']) {
$_SESSION['referrer'] = $_SERVER['HTTP_REFERER'];
}
When saving the form data, you will check whether the value of $_SESSION['referrer'] exists to save you in the bank.
Just out of curiosity, you might be confused about being "referer" or "referrer" (with two "r"). There’s a question about that here:
Complement: Security and Privacy and Disclosure of confidential information in Uris
In this case, I’m coming from the homepage of the site, so the origin should be the URL of the homepage, right? However, code written within input value seems to be ignored, because it always comes as an empty index.
Thank you @Valdeirpsr. It was something about security that I wanted to warn you about before. The user could easily handle these changes if it was input. But the link you sent there is even more serious, kkkkkkk.
@Eduardomartinscasagrande If you have a redirect along the way, the referer won’t work.
Browser other questions tagged php html input
You are not signed in. Login or sign up in order to post.
And why don’t you use
$_SERVER['HTTP_REFERER']right on the server? Use this on ainput[type=hidden]is totally unviable. The user can manipulate the data of his report at will if he opens the F12 of Google Chrome!– Wallace Maxters
The problem is that, as described, the URL is different. When using this code directly on the server, it rescues the form URL always.
– Eduardo Martins Casagrande
So save it in session. The solution isn’t to put it in the form, man. It’s not safe, the user could change it, you know?
– Wallace Maxters
Although in any way, whoever manipulates the form could manipulate the
headeralso. You’re using the form on more than one page, that’s it?– Wallace Maxters
As so in session?
– Eduardo Martins Casagrande
This form, in particular, I’m only using on one page.
– Eduardo Martins Casagrande
I get it. The
HTTP_REFERERthen it would be to know by which page he entered the form (before submitting it)?– Wallace Maxters
Yes. That’s exactly it.
– Eduardo Martins Casagrande
@Eduardomartinscasagrande If you only want the origin within your site, you can save the contents of the variable
location.hrefin a cookie/localStorage or you can force a different header, for example:X-HTTP-REFER. Ps.: For security reasons, the browsers can change the header value.– Valdeir Psr